//! Authentication layer for the koan server.
//!
//! When `auth_enabled = true`:
//! - All GraphQL/Subsonic requests must carry a valid JWT in `Authorization: Bearer <token>`
//! - Auth routes (/auth/login, /auth/refresh, /auth/logout) are always accessible
//!
//! When `auth_enabled = false` (default):
//! - All requests are treated as admin — no auth required. Same behavior as before this feature.
use Role;
/// Authenticated user context injected into request extensions and GraphQL context.